[c-nsp] IPSEC VPN
Michael K. Smith - Adhost
mksmith at adhost.com
Mon Aug 10 15:30:54 EDT 2009
Hi Mohammad:
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of Mohammad Khalil
> Sent: Monday, August 10, 2009 12:21 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] IPSEC VPN
>
>
> Hi,
> I configured the below on GNS3 simulator
>
> Router(config)#crypto isakmp policy 1
>
> Router(config-isakmp)#authentication pre-share
> Router(config)#crypto isakmp key VPNKEY address x.x.x.x
>
> Router(config)#access-list extended LIST
>
> Router(config-list)#permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
>
> Router(config)#crypto ipsec transform-set SET
>
> Router(config)#crypto map MAP 10 ipsec-isakmp
>
> Router(config-crypto-map)#set peer x.x.x.x
>
> Router(config-crypto-map)#set transform-set SET
>
> Router(config-crypto-map)#match address LIST
>
> Router(config)#interface f0/0
>
> Router(config-if)#crypto map MAP
>
> and I'm trying to ping 192.168.2.1 source 192.168.1.1 (loopbacks) but I'm
> not able to, and the show crypto isakmp sa produces empty o/p
>
> Am I missing something here?
>
nat (inside) 0 access-list LIST
If the .1 addresses in both subnets are the firewall IP addresses, you
won't be able to ping them. Instead, try pinging through them to a host
on either side.
Finally, "debug crypto isakmp" and "debug crypto ipsec" are your friend,
along with a "term mon" :-)
Regards,
Mike
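
An added example, not part of the original thread or of either poster's configuration: a small Python check that the cross-references in a crypto map configuration like the one quoted above resolve (the peer has a pre-shared key, the transform set and access list are defined, and the map is applied to an interface). The sample config, the 192.0.2.2 peer address, the transforms listed in the sample and the names check_crypto_map and FIELDS are assumptions made for the example.

```python
# Constructed sample in running-config form; 192.0.2.2 is a documentation address.
SAMPLE = """\
crypto isakmp key VPNKEY address 192.0.2.2
crypto ipsec transform-set SET esp-aes esp-sha-hmac
crypto map MAP 10 ipsec-isakmp
 set peer 192.0.2.2
 set transform-set SET
 match address LIST
ip access-list extended LIST
 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
interface FastEthernet0/0
 crypto map MAP
"""
# Sub-commands of a crypto map entry and the field each one fills in.
FIELDS = {("set", "peer"): "peer", ("set", "transform-set"): "tset", ("match", "address"): "acl"}

def check_crypto_map(config):
    """Return unresolved references in IOS-style config text (pre-shared keys assumed)."""
    keys, tsets, acls, applied, entries = set(), set(), set(), set(), {}
    entry = None                      # crypto map entry being parsed, if any
    for raw in filter(str.strip, config.splitlines()):
        w = raw.split()
        head, arg = tuple(w[:2]), (w[2] if len(w) > 2 else None)
        if raw[0].isspace():          # sub-command of the current section
            if head == ("crypto", "map"):
                applied.add(arg)      # map applied under an interface
            elif entry is not None and head in FIELDS:
                entry[FIELDS[head]] = arg
            continue
        entry = None                  # a top-level command starts a new section
        if w[:3] == ["crypto", "isakmp", "key"] and "address" in w[:-1]:
            keys.add(w[w.index("address") + 1])
        elif w[:3] == ["crypto", "ipsec", "transform-set"] and len(w) > 4:
            tsets.add(w[3])           # counted only if it lists a transform
        elif head == ("ip", "access-list") and len(w) > 3:
            acls.add(w[3])
        elif head == ("crypto", "map") and len(w) > 3:
            entry = entries.setdefault((w[2], w[3]), {})
    problems = []
    for (name, seq), e in sorted(entries.items()):
        where = f"crypto map {name} {seq}"
        if e.get("peer") not in keys:
            problems.append(f"{where}: no pre-shared key for peer {e.get('peer')}")
        if e.get("tset") not in tsets:
            problems.append(f"{where}: transform set {e.get('tset')} not defined")
        if e.get("acl") not in acls:
            problems.append(f"{where}: access list {e.get('acl')} not defined")
        if name not in applied:
            problems.append(f"{where}: not applied to any interface")
    return problems
```

Run it against the text of "show running-config"; an empty list means every reference resolved, not that the tunnel will come up.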